Lucene search
+L

55 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/16 1:44 p.m.2 views

CVE-2026-6270

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

9.1CVSS5.8AI score0.00498EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/16 1:44 p.m.35 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

9.1CVSS0.00498EPSS
Exploits1References3
CVE
CVE
added 2026/04/16 1:44 p.m.16 views

CVE-2026-6270

Summary : The vulnerability affects the Node.js module @fastify/middie, specifically versions 9.3.1 and earlier. The root cause is that inherited middleware is not registered on child plugin engine instances, so when a Fastify app registers authentication middleware in a parent scope and then loa...

9.1CVSS5.8AI score0.00498EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/16 1:44 p.m.4 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

9.1CVSS5.8AI score0.00498EPSS
Exploits1References3
OSV
OSV
added 2026/04/16 1:44 p.m.3 views

CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes

@fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent scope and then registers child plugins with @fastify/middie, the child scope does not inherit the...

9.1CVSS5.9AI score0.00498EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.11 views

@fastify/middie 安全漏洞

@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.3.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of registration of inherited middleware on sub-plugin engine instances, which could lead to bypassin...

9.1CVSS5.8AI score0.00498EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33320

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description Inherited middleware is not registered directly on child plugin engine instances. When authentication middleware is registered in a parent scope and child plugins are registered with...

9.1CVSS5.8AI score0.00498EPSS
Exploits1References16
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-33323

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.3.2 Description A middleware bypass exists when the deprecated ignoreDuplicateSlashes option is enabled. The middleware path matching logic fails to account for duplicate slash normalization performed by the...

7.4CVSS5.7AI score0.00278EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/04/16 12:0 a.m.13 views

@fastify/middie 安全漏洞

@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie 9.3.1 and earlier contained security vulnerabilities. These vulnerabilities occurred when the deprecated ignoreDuplicateSlashes option was enabled, as the middleware’s path matching logic did not...

9.1CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.7 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS5.9AI score0.0039EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/28 2:47 a.m.7 views

@andreacioni/saml2-nest-lib (=0.0.7), @apps-in-toss/web-framework (>=2.0.0 <=2.6.2) +220 more potentially affected by CVE-2026-2880 via @fastify/middie (>=8.0.0 <=9.1.0)

@fastify/middie NPM version =8.0.0, =2.0.0, =1.1.6, =1.0.5, =0.2.5, =0.0.6, =0.0.1, =0.0.1, =4.33.5, =2.0.7, =0.0.0-canary-20240602190113, =0.0.0-canary-20240602190113, =0.1.0, =0.7.1 and more Source cves: CVE-2026-2880 Source advisory: OSV:GHSA-8P85-9QPW-FWGW...

9.1CVSS5.7AI score0.0039EPSS
Exploits0
EUVD
EUVD
added 2026/02/28 2:47 a.m.8 views

EUVD-2026-9049

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/28 2:47 a.m.13 views

@fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

9.1CVSS6AI score0.0039EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/28 2:47 a.m.6 views

GHSA-8P85-9QPW-FWGW @fastify/middie has Improper Path Normalization when Using Path-Scoped Middleware

Summary A path normalization inconsistency in @fastify/middie can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and...

8.2CVSS6AI score0.0039EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2026/02/27 9:24 p.m.9 views

@bechara/crux (>=6.0.0 <=6.6.2), @cappa/cli (>=0.1.0 <=0.7.1) +10 more potentially affected by CVE-2026-2880 via @fastify/middie (>=9.0.2 <=9.1.0)

@fastify/middie NPM version =9.0.2, =6.0.0, =0.1.0, =0.1.0, =1.0.0, =1.0.11, =0.1.51, =1.0.36, =11.0.0, =1.3.0, =5.0.0, =0.6.1-dev, =1.1.48 Source cves: CVE-2026-2880 Source advisory: SNYK:JS-FASTIFYMIDDIE-15366397...

9.1CVSS5.7AI score0.0039EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/27 6:25 p.m.2 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/27 6:25 p.m.5 views

CVE-2026-2880

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

9.1CVSS5.9AI score0.0039EPSS
Exploits0References2
CVE
CVE
added 2026/02/27 6:25 p.m.27 views

CVE-2026-2880

Summary: CVE-2026-2880 concerns a path normalization issue in @fastify/middie (versions

9.1CVSS5.9AI score0.0039EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/27 6:25 p.m.7 views

CVE-2026-2880 @fastify/middie has an improper path normalization vulnerability

A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware for example, app.use'/secret', auth. When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...

8.2CVSS5.9AI score0.0039EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.11 views

@fastify/middie 安全漏洞

@fastify/middie is an open-source middleware engine developed by Fastify. Versions of @fastify/middie prior to 9.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of bypassing the path range middleware when using router normalization options, which could...

9.1CVSS5.8AI score0.0039EPSS
Exploits0References2
Rows per page
Query Builder